Russian hackers backed by Moscow have been carrying out a long-running cyber espionage campaign targeting key organizations like NATO to uncover military and government secrets, a report out on Tuesday claimed.
For at least seven years, a Russian hacking group known as APT28 has targeted "insider information related to governments, militaries and security organisations that would likely benefit the Russian government", cybersecurity company FireEye said.
"The activity that we profile in this paper appears to be the work of a skilled team of developers and operators collecting intelligence on defence and geopolitical issues – intelligence that would only be useful to a government," FireEye said in its report on Russian cyberespionage operations.
"We believe that this is an advanced persistent threat (APT) group engaged in espionage against political and military targets including the country of Georgia, Eastern European governments and militaries, and European security organizations since at least 2007."
APTs, or Advanced Persistent Threats, are complex attacks where hackers sneak into a cybernetwork and carry out prolonged information-gathering operations.
FireEye said APT28 had been "systematically updating" its tools over the last seven years and was receiving "direct ongoing financial and other resources from a well-established organization".
NATO, governments targeted
APT28 uses "spearphishing" techniques, sending emails with a malicious attachment or link that users are lured into opening. This is often an entry point for hackers into a whole network.
FireEye's report said Russian state-backed hackers used this method to target the Georgian Ministry of Internal Affairs (MIA) and Ministry of Defense.
"APT28 made at least two specific attempts to target the MIA," it said in the report.
Russia and Georgia severed ties following a war in 2008, and since then, the latter has aligned itself with the West rather than Moscow. FireEye's report suggested this provided "strong incentive" for Russia's cyber attacks on Georgia.
Other Eastern European countries, such as Bulgaria, were also targeted, as well as NATO and the Organization for Security and Cooperation in Europe (OSCE).
Russian President Vladimir Putin has repeatedly poured scorn on the North Atlantic Treaty Organization (NATO). According to FireEye, hacking NATO could give Moscow "sensitive tactical and strategic intelligence concerning regional military capabilities and relationships".
The report comes amid heightened tension between the West and Russia, following Moscow's annexation of Crimea in March. The finger has been pointed at Russia for several widely reported cyberattacks, including a breach at JPMorgan that compromised the accounts of 76 million households and seven million small businesses.
In addition, cyber intelligence firm iSight Partners has recently reported that Russian hackers exploited a vulnerability in Microsoft Windows to spy on computers used by NATO and other western governments.
Attacks likely successful
FireEye said that the sophistication of the attacks detailed in its report meant that they were likely to have proved successful in the majority of cases.
"I think you would be naïve to assume they haven't been successful. For the large percentage of hacks they are successful, because we know existing security architecture is insufficient in stopping these things," Jason Steer, director of technology strategy at FireEye, told CNBC by phone.
Identifying where hackers are from can be difficult because of clever movement of data and deliberately misleading use of language in malware. Russia is particularly hard to pin down due to its hackers' covert movements in cyberspace, said Steer.
"They are more adept at covering their trail and they don't want to be seen to be aggressive and active in the way China are, as it could impact negotiations with the European Union and other trading bodies," he said.
FireEye identified APT28 as Russian, based on malware samples that had Russian language settings and which were employed during the working hours of Russia's major cities.
Like Russia, China has also been accused of cyberespionage. Earlier this year, five Chinese military hackers were indicted by U.S. authorities for corporate espionage.